From 56b5a15cf047f6c9529f5d1efab95bc713d05877 Mon Sep 17 00:00:00 2001 From: Shawn Date: Thu, 26 Oct 2023 09:35:56 +0800 Subject: [PATCH] [Doc] Optimize class registration doc (#1027) * refine register exception msg * refine register doc * revert copy --- README.md | 4 ++-- docs/guide/DEVELOPMENT.md | 4 ++++ docs/guide/java_object_graph_guide.md | 2 +- .../src/main/java/io/fury/resolver/ClassResolver.java | 6 ++++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6893e6628f..5bd3f60bf5 100644 --- a/README.md +++ b/README.md @@ -153,7 +153,7 @@ public class Example { Fury fury = Fury.builder().withLanguage(Language.JAVA) // Allow to deserialize objects unknown types, more flexible // but may be insecure if the classes contains malicious code. - // .requireClassRegistration(false) + .requireClassRegistration(false) .build(); // Registering types can reduce class name serialization overhead, but not mandatory. // If class registration enabled, all custom types must be registered. @@ -165,7 +165,7 @@ public class Example { ThreadSafeFury fury = Fury.builder().withLanguage(Language.JAVA) // Allow to deserialize objects unknown types, more flexible // but may be insecure if the classes contains malicious code. - // .requireClassRegistration(false) + .requireClassRegistration(false) .buildThreadSafeFury(); byte[] bytes = fury.serialize(object); System.out.println(fury.deserialize(bytes)); diff --git a/docs/guide/DEVELOPMENT.md b/docs/guide/DEVELOPMENT.md index 446ad1e57a..3b741a6e24 100644 --- a/docs/guide/DEVELOPMENT.md +++ b/docs/guide/DEVELOPMENT.md @@ -1,3 +1,7 @@ + # How to build to Fury ## Get the source code diff --git a/docs/guide/java_object_graph_guide.md b/docs/guide/java_object_graph_guide.md index 1e9b22d0ef..b8e1176c1d 100644 --- a/docs/guide/java_object_graph_guide.md +++ b/docs/guide/java_object_graph_guide.md @@ -31,7 +31,7 @@ public class Example { Fury fury = Fury.builder().withLanguage(Language.JAVA) // Allow to deserialize objects unknown types, more flexible // but may be insecure if the classes contains malicious code. - // .requireClassRegistration(false) + .requireClassRegistration(false) .build(); // Registering types can reduce class name serialization overhead, but not mandatory. // If class registration enabled, all custom types must be registered. diff --git a/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java b/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java index 8fa37027bd..6a86008707 100644 --- a/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java +++ b/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java @@ -1132,8 +1132,10 @@ private Serializer createSerializer(Class cls) { String msg = String.format( "%s is not registered, please check whether it's the type you want to serialize or " - + "a **vulnerability**. If safe, registering class by " - + "`Fury#register` will have better performance by skipping classname serialization", + + "a **vulnerability**. If safe, you should invoke `Fury#register` to register class, " + + " which will have better performance by skipping classname serialization. " + + "If your env is 100%% secure, you can also avoid this exception by disabling class " + + "registration check using `FuryBuilder#requireClassRegistration(false)`", cls); boolean forbidden = BlackList.getDefaultBlackList().contains(cls.getName()); if (forbidden || !isSecure(extRegistry.registeredClassIdMap, cls)) {